Lumension Updates Risk Manager for Improved GRC Efficiency

Compliance and IT Risk Management System from Lumension Security includes updates for actionable remediation

Executives around the world are looking for ways to converge their company's disparate governance, risk and compliance (GRC) initiatives, improve risk management, and reduce costs. A recent survey (February 2010) conducted by KPMG indicates that 64 percent of executives consider convergence of GRC projects a top priority. To help organisations and agencies effectively manage IT risk and cut costs through a centralised approach to compliance and IT risk management, Lumension, the global leader in endpoint management and security, today unveiled the latest version of Lumension Risk Manager v4.1, part of the Lumension Compliance and IT Risk Management Solution.

Lumension Risk Manager is designed to help organisations demonstrate continuous compliance and improve their security posture through a framework that automates audit workflows, harmonises controls with policy requirements, and remediates key risk areas.

Further, through its partnership with Network Frontiers' Unified Compliance Framework, Lumension extends its support for over 420 regulatory requirements with 26,320 citations mapped to over 2,500 harmonised controls by including Security Breach Notification Laws, Health Information Technology for Economic and Clinical Health Act, and FTC Red Flag Rules.

"Many times organisations can feel like they're suffocating under a blanket of so many compliance rules and regulations. They feel constant pressure to demonstrate compliance with limited budgets and resources for recurring compliance projects," said Jeff Hughes, director of solution marketing for IT GRC, Lumension. "Organisations cannot afford to take a scattered approach to compliance; reacting to every new compliance mandate with another new product or procedure. They need a focused compliance solution that centralises compliance and IT Risk Management by bridging and streamlining disparate compliance programmes, controls, policies and procedures while reducing redundancies."

* By utilising the UCF, Lumension's patent pending risk intelligence engine automatically identifies critical controls needed to achieve compliance and secure any IT asset. Controls are assessed once across and reported across all regulations, saving time and consolidating compliance projects.

* Expanded Flexibility & Automation through the Lumension Connector Development Kit: Most IT GRC companies provide limited integration to third-party systems. Lumension Risk Manager's open connector ecosystem allows scan and inventory data to be imported from virtually any database system. Customers and consultants can use the Lumension Connector Development Kit to create custom connectors and import data from their network scanner, asset inventory system and other databases.

* Exception Management: Helps administrators produce more realistic risk and compliance scores where there are certain exceptions that have to be made for circumstances unique to the network. This gives security professionals greater flexibility to make exceptions where needed and allows them to approve, reject or create exceptions from scratch.